
Campus QoS Design

Simplified
Tim Szigeti
BRKCRS-2501

Agenda

Campus QoS Design Considerations and Best Practices

Cisco Catalyst 2960-X QoS Design


Cisco Catalyst 3650/3850 QoS Design
Cisco Catalyst 4500 QoS Design
Cisco Catalyst 6500/6800 QoS Design
Cisco Nexus 7000/7700 QoS Design

Campus WLAN QoS Design Considerations and Best Practices

Cisco IOS XE WLC AVC/QoS Design


Cisco AireOS WLC AVC/QoS Design

Summary and References

Campus QoS Design Considerations and Best Practices

What Do You Consider First?

BRKRST-2056: The QoS Paradigm Shift


http://tinyurl.com/ps8yzug

Start by Defining Your QoS Strategy


Articulate Your Business Intent, Relevant Applications and End-to-End Strategy

BRKRST-2056: The QoS Paradigm Shift

The Case for Campus QoS

The primary role of QoS in campus networks is to manage packet loss

In campus networks, it takes only a few milliseconds of congestion to cause drops

Rich media applications are extremely sensitive to packet drops

Why Is Video So Sensitive to Packet Loss?


1920 lines of Vertical Resolution (Widescreen Aspect Ratio is 16:9)
1080 lines of Horizontal Resolution

1080p60:
1080 x 1920 lines = 2,073,600 pixels per frame
x 24 bits of color per pixel
x 60 frames per second
= 2,985,984,000 bps
or 3 Gbps Uncompressed!

Cisco (H.264/H.265) codecs transmit 3-5 Mbps per 1080p60 video stream
which represents over 99.8% compression (~ 1000:1)
Packet loss is proportionally magnified by compression ratios
Users can notice a single packet lost in 10,000
Making HD Video One Hundred Times More Sensitive to Packet Loss than VoIP!

VoIP vs. HD Video: At the Packet Level

[Figure: packet size in bytes (200 to 1400) over time. Voice Packets: audio samples every 20 msec. Video Packets: video frames every 33 msec.]

Campus QoS Design Considerations
How Long Can Queue-Buffers Accommodate Line-Rate Bursts?
GE Linecard Example (WS-X6148)

Total Per-Port Buffer: 5.4 MB
Total Per-Queue Buffer*: 1.35 MB
Gbps Line Rate: 1 Gbps = 125 MB/s or 125 KB/ms
Total Per-Queue Buffering Capacity: 10.8 ms

[Figure: KBytes per ms (0 to 140) against time in ms over 1 second, at Gbps line rate]

Begin dropping at 11 ms
but overall utilization is only 1%!

*Assuming (4) equal-sized queues

Campus QoS Design Considerations
How Long Can Queue-Buffers Accommodate Line-Rate Bursts?
10 GE Linecard Example (WS-X6908)

Total Per-Port Buffer: 90 MB
Total Per-Queue Buffer*: 11.25 MB
Gbps Line Rate: 10 Gbps = 1.25 GB/s or 1250 KB/ms
Total Per-Queue Buffering Capacity: 9.0 ms

[Figure: KBytes per ms (0 to 1400) against time in ms over 1 second, at 10 Gbps line rate]

Begin dropping at 9 ms
but overall utilization is only 1%!

*Assuming (8) equal-sized queues

Oversubscription in the Campus

[Figure: campus topology with GE, 10GE and 40GE links, shown over four slide builds; one build is labelled "x 11"]

Know Your Tools

Catalyst and Nexus switch hardware

Software and Syntax

Global Default QoS Settings

Trust States and Conditional Trust

Logical vs. Physical Interface QoS

Ingress and Egress Queuing Models

Hardware Varies
American Version
2015 Cisco Live San Diego

Hardware Varies
Italian Version
2015 Cisco Live Milan

Hardware Varies
German Version
2016 Cisco Live Berlin

Hardware Varies
Canadian Version
2015 Cisco Connect Toronto

Software and Syntax Variations

Catalyst 2960-X / 3560 / 3750 are the last platforms to use Multilayer Switch QoS (MLS QoS)
  QoS is disabled by default and must be globally enabled with the mls qos command
  Once enabled, all ports are set to an untrusted port-state

Catalyst 3650/3850 and 4500 use IOS Modular QoS Command Line Interface (MQC)
  QoS is enabled by default
  All ports are trusted at layer 2 and layer 3 by default

Catalyst 6500/6800 use Cisco Common Classification Policy Language (C3PL) QoS
  QoS is enabled by default (Sup2T); disabled by default (Sup720)
  All ports are trusted at layer 2 and layer 3 by default
  C3PL presents queuing policies similar to MQC, but as a defined type of policy

Nexus 7000/7700 use NX-OS QoS
  QoS is enabled by default
  All ports are trusted at layer 2 and layer 3 by default
  NX-OS presents queuing policies similar to MQC, but as a defined type and with default class-map names

Trust Boundaries

The trust boundary is the edge where Layer 2 (CoS / UP) and/or Layer 3 (DSCP) markings are accepted or rejected

Untrusted / User-Administered Devices
  no mls qos trust

Trusted Centrally-Administered Devices
  mls qos trust dscp

Centrally-Administered & Conditionally-Trusted Devices
  mls qos trust device cisco-phone
  [or]
  mls qos trust device cts
  [or]
  mls qos trust device ip-camera
  [or]
  mls qos trust device media-player

Policy Enforcement Points (PEPs)

The Policy Enforcement Point (PEP) is the edge where classification and marking policies are enforced
The PEP may or may not be the same as the trust boundary
Multiple PEPs may exist for different types of network devices
e.g. switch PEP vs. router PEP

[Figure: Trust Boundary, Switch PEP and Router PEP]

Note: For the sake of simplification, in this deck PEP will refer to classification and marking policy enforcement points (only) and will not include other policy enforcement points (e.g. queuing).

Conditional Trust
Trust Boundary, PEP and Mapping: Part 1

A Conditional Trust statement is deployed on all access edge switch ports
And a classification policy is applied to all access edge switch

[Figure: Trust Boundary and PEP at the access switch]

class-map match-all VOICE
 match access-group name VOICE
class-map match-all VIDEO
 match access-group name VIDEO
class-map match-all BULK-DATA
 match access-group name BULK-DATA

policy-map MARKING
 class VOICE
  set dscp ef
 class VIDEO
  set dscp af41
 class BULK-DATA
  set dscp af11

! Conditional trust and the marking policy are both applied on the access ports
interface range gig 1/1-48
 trust device cisco-phone
 service-policy input MARKING

Conditional Trust
Trust Boundary, PEP and Mapping: Part 2

If a Cisco IP Phone is detected then the trust boundary extends to the IP Phone
The IP Phone sets CoS for Voice and Signaling and resets all else to 0

IP Phone
CoS Mapping Table
CoS 6-7
CoS 0
Voice
CoS 5
Signaling CoS 3
CoS 0-4
DSCP 0

Access Switch CoS-to-DSCP Mapping Table
CoS 7   DSCP CS7 (56)
CoS 6   DSCP CS6 (48)
CoS 5   DSCP EF (46)*
CoS 4   DSCP CS4 (40)
CoS 3   DSCP CS3 (24)
CoS 2   DSCP CS2 (16)
CoS 1   DSCP CS1 (8)
CoS 0   DSCP DF (0)

The access switch maps CoS-to-DSCP

* Non-Default Mapping

Note: the Policy Enforcement Point remains at the access switch

Trust Boundary
PEP
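
The conditional-trust decision from Parts 1 and 2, as a small model (an added example, not part of the original deck). The Frame and Port types, the origin labels and the sample frames are constructed for illustration, and the port default CoS is assumed to be 0; the CoS-to-DSCP map is the one on the slide. It shows why the deck pairs conditional trust with trust cos: the phone only rewrites Layer 2, so a DSCP set by a PC behind the phone survives if the port trusts DSCP.

```python
from dataclasses import dataclass, replace
from typing import Optional

# Global map from the slide: mls qos map cos-dscp 0 8 16 24 32 46 48 56
COS_DSCP_MAP = (0, 8, 16, 24, 32, 46, 48, 56)
# Default map (DSCP = CoS * 8), for comparison
DEFAULT_COS_DSCP_MAP = tuple(cos * 8 for cos in range(8))


@dataclass(frozen=True)
class Frame:
    origin: str          # constructed label: "voice", "signaling" or "pc"
    cos: Optional[int]   # 802.1p value, None when the frame is untagged
    dscp: int            # DSCP as set by the sender


@dataclass(frozen=True)
class Port:
    trust: str                          # "none", "cos" or "dscp"
    trust_device: Optional[str] = None  # e.g. "cisco-phone" for conditional trust


def phone_rewrite(frame: Frame) -> Frame:
    """IP phone behaviour as the slide states it: CoS 5 for voice,
    CoS 3 for signaling, everything else reset to CoS 0. Layer 2 only,
    so the sender's DSCP is passed through untouched."""
    cos = {"voice": 5, "signaling": 3}.get(frame.origin, 0)
    return replace(frame, cos=cos)


def ingress_dscp(port: Port, detected_device: Optional[str], frame: Frame,
                 cos_map=COS_DSCP_MAP) -> int:
    """DSCP the access switch assigns to a frame arriving on the port."""
    trust = port.trust
    # Conditional trust: without the expected device the port is untrusted.
    if port.trust_device is not None and detected_device != port.trust_device:
        trust = "none"
    if trust == "dscp":
        return frame.dscp
    if trust == "cos":
        cos = 0 if frame.cos is None else frame.cos  # assumed default CoS 0
        return cos_map[cos]
    return 0  # untrusted: marking is rejected


def evaluate() -> dict:
    """Run constructed frames through the port roles the deck describes."""
    voice = Frame("voice", cos=None, dscp=46)
    pc_marked_ef = Frame("pc", cos=5, dscp=46)   # PC marking its own traffic EF
    cond_cos = Port("cos", "cisco-phone")
    cond_dscp = Port("dscp", "cisco-phone")
    return {
        "voice via phone, conditional trust-cos":
            ingress_dscp(cond_cos, "cisco-phone", phone_rewrite(voice)),
        "voice via phone, default cos-dscp map":
            ingress_dscp(cond_cos, "cisco-phone", phone_rewrite(voice),
                         DEFAULT_COS_DSCP_MAP),
        "PC direct, no phone detected, conditional trust-cos":
            ingress_dscp(cond_cos, None, pc_marked_ef),
        "PC behind phone, conditional trust-cos":
            ingress_dscp(cond_cos, "cisco-phone", phone_rewrite(pc_marked_ef)),
        "PC behind phone, conditional trust-dscp":
            ingress_dscp(cond_dscp, "cisco-phone", phone_rewrite(pc_marked_ef)),
        "PC direct, unconditional trust-dscp":
            ingress_dscp(Port("dscp"), None, pc_marked_ef),
        "PC direct, untrusted port":
            ingress_dscp(Port("none"), None, pc_marked_ef),
    }


if __name__ == "__main__":
    for case, dscp in evaluate().items():
        print(f"{case:55s} -> DSCP {dscp}")
```
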

Per-Port QoS vs. Per-VLAN QoS

Per-Port QoS
Policy map is applied to the physical switch port

interface range gig 1/1-48
 service-policy input MARKING

Per-VLAN QoS
Policy map is applied to the logical VLAN interface

interface range gig 1/1-48
 mls qos vlan-based
interface Vlan 10
 service-policy input MARKING

[Figure: VLAN Interfaces (VLAN 10, VLAN 20) above Physical Ports, shown once for each model]

Campus QoS Design Considerations
Per-Port/Per-VLAN QoS

DVLAN policy map is applied to the Data VLAN (only) on a given trunked switch port
VVLAN policy map is applied to the Voice VLAN (only) on a given trunked switch port

[Figure: VLAN Interfaces (DVLAN 10, VVLAN 110) above Trunked Physical Ports]

EtherChannel QoS

EtherChannels are comprised of logical (Port-Channel) interfaces and physical (port-member) interfaces
Ingress QoS policies are usually applied to the logical interfaces (but not always)
Egress QoS policies (such as queuing) are always applied to the physical port-member interfaces

Platform             QoS Policies Applied to the         QoS Policies Applied to the
                     (Logical) Port-Channel Interface    (Physical) Port-Member Interfaces
Catalyst 2960-X      -                                   Ingress & Egress
Catalyst 3650/3850   Ingress                             Egress
Catalyst 4500        Ingress                             Egress
Catalyst 6500        Ingress                             Egress

Campus QoS Design Best Practices

Always perform QoS in hardware rather than software when a choice exists
Classify and mark applications as close to their sources as technically and administratively feasible
Police unwanted traffic flows as close to their sources as possible
Enable queuing policies at every node where the potential for congestion exists

Campus Ingress QoS Models

Trust models:
  No Trust (Untrusted)
  Trust DSCP
  Trust CoS
  Trust Device / Conditional Trust

Marking Policies and (Optional) Policing Policies
(each policer is a Yes/No check against the stated rate; the last column is the action shown for traffic that fails it)

VLAN    Classifier                           Marking     Policer                            Action
VVLAN   VoIP Classifier                      Mark EF     VoIP Policer (<128 kbps)           Drop
VVLAN   Signaling Classifier                 Mark CS3    Signaling Policer (<32 kbps)       Drop
DVLAN   Multimedia Conferencing Classifier   Mark AF41   MM-Conf Policer (<5 Mbps)          Drop
DVLAN   Signaling Classifier                 Mark CS3    Signaling Policer (<32 kbps)       Drop
DVLAN   Transactional Data Classifier        Mark AF21   Trans-Data Policer (<10 Mbps)      Remark to CS1
DVLAN   Bulk Data Classifier                 Mark AF11   Bulk Data Policer (<10 Mbps)       Remark to CS1
DVLAN   Scavenger Classifier                 Mark CS1    Scavenger Policer (<10 Mbps)       Drop
DVLAN   Best Effort (Class-Default)          Mark DF     Best Effort Policer (<10 Mbps)     Remark to CS1

Ingress Queuing Policies (if required and supported)

Catalyst Hardware Queuing
1P3Q1T Example

1P3Q1T:
  1 Priority Queue
  3 Non-Priority Queues
  Each queue has 1 Drop Threshold (the tail of the queue)

[Figure: 1P3Q1T scheduling, with Interrupt and Resume of the non-priority queues]

Weighted Tail Drop (WTD) Operation
3T WTD Example

[Figure: a queue from Front of Queue to Tail of Queue, with the Direction of Packet Flow]

Red Minimum WTD Threshold 1: Begin tail dropping red packets
Yellow Minimum WTD Threshold 2: Begin tail dropping yellow packets
Tail of Queue is WTD Threshold 3

Weighted Random Early Detect (WRED) Operation

[Figure: a queue from Front of Queue to Tail of Queue, with the Direction of Packet Flow]

AF13 Minimum WRED Threshold: Begin randomly dropping AF13 Packets
AF12 Minimum WRED Threshold: Begin randomly dropping AF12 Packets
AF11 Minimum WRED Threshold: Begin randomly dropping AF11 Packets

Maximum WRED Thresholds for AF11, AF12 and AF13 are set to the tail of the queue in this example

Campus Port QoS Roles

Untrusted Endpoint Port QoS:
  Port Set to Untrusted State (or Explicit Policy to Mark to DSCP 0)
  [Optional Ingress Marking and/or Policing]
  [Ingress and] Egress Queuing

Conditionally-Trusted Endpoint Port QoS:
  Conditional-Trust with Trust-CoS or DSCP
  [Optional Ingress Marking and/or Policing]
  [Ingress and] Egress Queuing

Trusted Port QoS:
  Trust DSCP (Default on all non-MLS QoS platforms)
  [Ingress and] Egress Queuing

Campus QoS Design At-A-Glance

http://www.cisco.com/en/US/docs/solutions/Enterprise/Video/qoscampusaag.pdf

Cisco Catalyst 2960-X QoS Design

Catalyst 2960-X
QoS Roles in the Campus Access

No Trust +
Ingress Queuing +
Egress Queuing
Trust DSCP +
Ingress Queuing +
Egress Queuing
Conditional Trust +
Ingress Queuing +
Egress Queuing

C2960-X
Access
Switch
Distribution
Switches

Classification/Marking +
[Optional Policing] +
Ingress Queuing +
Egress Queuing

Catalyst 2960-X
QoS Design Steps
1. Enable QoS
2. Configure Ingress QoS Model(s):

Trust Models
Conditional Trust Model
Service Policy Models

3. Configure Egress Queuing

Note: Catalyst 2960-X is QoS compatible with the Catalyst 3560 & 3750, with the following exceptions:
The Catalyst 3560 & 3750 support ingress queuing policies, but the 2960-X does not.
Similarly, the Catalyst 3560 & 3750 support VLAN-based QoS policies, but the 2960-X does not.

Catalyst 2960-X
Enabling QoS and Trust Models

(On the slide, global commands are shaded, interface-specific commands are highlighted, and key commands/parameters are in red. Here mls qos and mls qos map are the global commands; the mls qos trust commands are interface specific.)

Enabling QoS:
mls qos

Trust-CoS Model Example:
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos trust cos

Note: CoS 5 is explicitly mapped to DSCP 46

Trust-DSCP Model Example:
mls qos trust dscp

Conditional-Trust Model Example:
mls qos trust device cisco-phone
[or]
mls qos trust device cts
[or]
mls qos trust device ip-camera
[or]
mls qos trust device media-player

Note: Only one type of device may be configured at a time

Catalyst 2960-X
Conditional Trust Model Example

Conditional Trust Policy to a Cisco IP Phone:
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos trust device cisco-phone
mls qos trust cos

CoS must be matched as Cisco IP Phones only remark at Layer 2

Note: All CoS-to-DSCP values are left at default (DSCP = CoS * 8), except for CoS 5, which is explicitly mapped to DSCP 46 (Expedited Forwarding/EF, per RFC 3246 & 4594).

Catalyst 2960-X
Marking Policy Model Example

class-map match-all VOIP
 match access-group name VOIP
class-map match-all MULTIMEDIA-CONFERENCING
 match access-group name MULTIMEDIA-CONFERENCING
class-map match-all SIGNALING
 match access-group name SIGNALING
class-map match-all TRANSACTIONAL-DATA
 match access-group name TRANSACTIONAL-DATA
class-map match-all BULK-DATA
 match access-group name BULK-DATA
class-map match-all SCAVENGER
 match access-group name SCAVENGER

policy-map MARKING-POLICY
 class VOIP
  set dscp ef
 class MULTIMEDIA-CONFERENCING
  set dscp af41
 class SIGNALING
  set dscp cs3
 class TRANSACTIONAL-DATA
  set dscp af21
 class BULK-DATA
  set dscp af11
 class SCAVENGER
  set dscp cs1
 class class-default
  set dscp default

! Interface-level command: attach the policy under the access port(s)
service-policy input MARKING-POLICY

Catalyst 2960-X
Marking & Policing Policy Example
mls qos map policed-dscp 0 10 18 to 8

Note: Remarking is performed by configuring a policed-DSCP map with the global configuration command mls qos map policed-dscp, which specifies which DSCP values are subject to remarking if out-of-profile and what value these should be remarked as.
In this example exceeding:
Best Effort (DSCP 0)
Bulk (AF11 / DSCP 10)
Transactional Data (AF21 / DSCP 18)
are remarked to Scavenger (CS1 / DSCP 8).

[class-maps omitted for brevity]

policy-map MARKING&POLICING
 class VVLAN-VOIP
  set dscp ef
  police 128k 8000 exceed-action drop
 class VVLAN-SIGNALING
  set dscp cs3
  police 32k 8000 exceed-action drop
 class MULTIMEDIA-CONFERENCING
  set dscp af41
  police 5m 8000 exceed-action drop
 class SIGNALING
  set dscp cs3
  police 32k 8000 exceed-action drop
 class TRANSACTIONAL-DATA
  set dscp af21
  police 10m 8000 exceed-action policed-dscp-transmit
 class BULK-DATA
  set dscp af11
  police 10m 8000 exceed-action policed-dscp-transmit
 class SCAVENGER
  set dscp cs1
  police 10m 8000 exceed-action drop
 class DEFAULT
  set dscp default
  police 10m 8000 exceed-action policed-dscp-transmit

! Interface-level command: attach the policy under the access port(s)
service-policy input MARKING&POLICING
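
How the two exceed actions above treat out-of-profile traffic, as a single-rate token-bucket model (an added example, not part of the original deck and not the switch's actual hardware implementation). The rates, burst size and policed-DSCP map come from the slide; the packet sizes and arrival intervals are constructed, and the Policer class and helper names are hypothetical.

```python
# From the slide: mls qos map policed-dscp 0 10 18 to 8
POLICED_DSCP_MAP = {0: 8, 10: 8, 18: 8}

# Tokens are kept as integers in units of (bits x 1e6) so that refilling by
# rate_bps * elapsed_microseconds is exact: one byte costs 8 * 1_000_000.
SCALE = 8_000_000


class Policer:
    """Single-rate policer: police <rate> <burst-bytes> exceed-action <action>."""

    def __init__(self, rate_bps: int, burst_bytes: int, exceed_action: str):
        if exceed_action not in ("drop", "policed-dscp-transmit"):
            raise ValueError(f"unsupported exceed action: {exceed_action}")
        self.rate_bps = rate_bps
        self.capacity = burst_bytes * SCALE
        self.tokens = self.capacity          # bucket starts full
        self.last_us = 0
        self.exceed_action = exceed_action

    def offer(self, time_us: int, size_bytes: int, dscp: int):
        """Return the DSCP the packet leaves with, or None if it is dropped."""
        elapsed = time_us - self.last_us
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate_bps)
        self.last_us = time_us
        cost = size_bytes * SCALE
        if cost <= self.tokens:              # in profile: transmit unchanged
            self.tokens -= cost
            return dscp
        if self.exceed_action == "drop":     # out of profile: drop
            return None
        # out of profile: transmit, remarked through the policed-DSCP map
        return POLICED_DSCP_MAP.get(dscp, dscp)


def run(policer: Policer, count: int, interval_us: int, size_bytes: int, dscp: int):
    """Offer `count` equal packets at a fixed interval; return the outcomes."""
    return [policer.offer(i * interval_us, size_bytes, dscp) for i in range(count)]


def voice_example():
    """VVLAN-VOIP: police 128k 8000 exceed-action drop.
    Constructed traffic: 200-byte voice packets marked EF (46).
    One stream at 20 ms spacing is 80 kbps; two streams are 160 kbps."""
    one = run(Policer(128_000, 8000, "drop"), 1000, 20_000, 200, 46)
    two = run(Policer(128_000, 8000, "drop"), 1000, 10_000, 200, 46)
    return one.count(None), two.count(None)


def bulk_example():
    """BULK-DATA: police 10m 8000 exceed-action policed-dscp-transmit.
    Constructed traffic: 100 back-to-back 1500-byte packets at 100 Mbps
    (one every 120 microseconds), marked AF11 (10)."""
    out = run(Policer(10_000_000, 8000, "policed-dscp-transmit"), 100, 120, 1500, 10)
    return out.count(10), out.count(8), out.count(None)


if __name__ == "__main__":
    print("voice drops (one stream, two streams):", voice_example())
    print("bulk (kept AF11, remarked CS1, dropped):", bulk_example())
```

The 8000-byte burst lets the first 196 packets of the over-rate voice flow through before drops begin, while the bulk burst is never dropped here, only remarked to Scavenger once the bucket empties.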

Catalyst 2960-X
1P3Q3T Egress Queuing Model

Application                DSCP
Network Control            (CS7)
Internetwork Control       CS6
VoIP                       EF
Broadcast Video            CS5
Multimedia Conferencing    AF4
Realtime Interactive       CS4
Multimedia Streaming       AF3
Signaling                  CS3
Transactional Data         AF2
Network Management         CS2
Bulk Data                  AF1
Scavenger                  CS1
Best Effort                DF

1P3Q3T queue mapping:
Queue                          Threshold   DSCP
Q1 Priority Queue                          EF, CS5, CS4
Queue 2 (30%)                  Q2T3        CS7, CS6
                               Q2T2        CS3
                               Q2T1        AF4, AF3, AF2, CS2
Queue 3 (35%) Default Queue                DF
Queue 4 (5%)                   Q4T2        AF1
                               Q4T1        CS1

Catalyst 2960-X
1P3Q3T Egress Queuing Model Config: Part 1 of 2

! This section configures egress buffers and thresholds
mls qos queue-set output 1 buffers 15 30 35 20
mls qos queue-set output 1 threshold 1 100 100 100 100
mls qos queue-set output 1 threshold 2 80 90 100 400
mls qos queue-set output 1 threshold 3 100 100 100 400
mls qos queue-set output 1 threshold 4 60 100 100 400
! This section configures egress CoS-to-Queue mappings
mls qos srr-queue output cos-map queue 1 threshold 3 4 5
mls qos srr-queue output cos-map queue 2 threshold 1 2
mls qos srr-queue output cos-map queue 2 threshold 2 3
mls qos srr-queue output cos-map queue 2 threshold 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 0
mls qos srr-queue output cos-map queue 4 threshold 3 1

Note: The Catalyst 2960-X can also be configured to use an 8-queue model; however this model is NOT supported in a stack, nor is it supported if AutoQoS is enabled.

The buffers command allocates buffers to Q1, Q2, Q3 and Q4 (respectively)

Each queue has 4 thresholds:
  WTD Threshold 1
  WTD Threshold 2
  Reserved Threshold: buffers that may NOT be shared with adjacent port-queues
  Maximum Threshold: maximum amount of buffers may be borrowed from common buffer pools (if available)

If the packet enters the switch on a port that is set to trust cos then these CoS-to-Queue mappings will be used to determine how the packet is queued on egress

Catalyst 2960-X
1P3Q3T Egress Queuing Model Config: Part 2 of 2

! This section configures egress DSCP-to-Queue mappings
mls qos srr-queue output dscp-map queue 1 threshold 3 32 40 46
mls qos srr-queue output dscp-map queue 2 threshold 1 16 18 20 22
mls qos srr-queue output dscp-map queue 2 threshold 1 26 28 30 34 36 38
mls qos srr-queue output dscp-map queue 2 threshold 2 24
mls qos srr-queue output dscp-map queue 2 threshold 3 48 56
mls qos srr-queue output dscp-map queue 3 threshold 3 0
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14

If the packet enters the switch on a port that is set to trust dscp then these DSCP-to-Queue mappings will be used to determine how the packet is queued on egress

! This section configures interface egress queuing parameters
queue-set 1
srr-queue bandwidth share 1 30 35 5
priority-queue out

srr-queue bandwidth share: Allocates bandwidth to each queue by means of a WRR weight. Q1 weight is ignored, as it's operating as a PQ
priority-queue out: Enables the PQ

Catalyst 2960-X
EtherChannel QoS Design

All QoS policies are configured on the physical port-member interfaces only

Platform                  QoS Policies Applied to the         QoS Policies Applied to the
                          (Logical) Port-Channel Interface    (Physical) Port-Member Interfaces
Catalyst 2960/3560/3750   -                                   Ingress & Egress

Catalyst 2960-X QoS Design At-A-Glance

AutoQoS SRND4 At-A-Glance

http://www.cisco.com/c/dam/en/us/td/docs/solutions/Enterprise/Video/autoqosmediacampus.pdf

Cisco Catalyst 3650/3850 QoS Design

Catalyst 3650/3850
QoS Roles in the Campus Access
No Trust +
Egress Queuing
Trust DSCP +
Egress Queuing

C3650/3850
Access
Switch

Conditional Trust +
Egress Queuing
Classification/Marking +
[Optional Policing] +
Egress Queuing

Distribution
Switches

Wireless Per-Port / Per-SSID / Per-Client Policies:


[Optional: Classification/ Marking]
[Optional: Policing]
2P2Q+AFD Egress Queuing

Catalyst 3650/3850
QoS Design Steps
1. Configure Ingress QoS Model(s):

Trust DSCP Model*


Conditional Trust Models (wired ports only)
Service Policy Models (wired or wireless ports)

2. Configure Egress Queuing

Wired Queuing Models: 8Q3T or 1P7Q3T or 2P6Q3T


Wireless Queuing Model: 2P2Q+AFD
*Note: Catalyst 3650/3850 IOS MQC trusts all wired ports by default
Prior to IOS XE 3.3, wireless ports were set to an untrusted state by default.
However, this default setting can be globally disabled with the following command:
no qos wireless-default-untrust
Beginning with IOS XE 3.3, wireless ports are also trusted by default

Catalyst 3650/3850
Conditional Trust Models

Conditional-Trust Models:
interface GigabitEthernet 1/0/1
 trust device cisco-phone
 [or]
 trust device cts
 [or]
 trust device ip-camera
 [or]
 trust device media-player

Only one type of device can be configured for conditional trust on an interface at a given time

Cisco IP Phone Conditional-Trust Example:
class-map match-any VOICE
 match cos 5
class-map match-any SIGNALING
 match cos 3

policy-map CISCO-IPPHONE
 class VOICE
  set dscp ef
 class SIGNALING
  set dscp cs3
 class class-default
  set dscp default

interface GigabitEthernet 1/0/1
 trust device cisco-phone
 service-policy input CISCO-IPPHONE

Only match-any is supported (i.e. match-all is not supported)
CoS must be matched as Cisco IP Phones only remark at Layer 2

Catalyst 3650/3850
Marking Policy Example

[class-maps omitted for brevity]
policy-map MARKING-POLICY
 class VOIP
  set dscp ef
 class MULTIMEDIA-CONFERENCING
  set dscp af41
 class SIGNALING
  set dscp cs3
 class TRANSACTIONAL-DATA
  set dscp af21
 class BULK-DATA
  set dscp af11
 class SCAVENGER
  set dscp cs1
 class class-default
  set dscp default

! This section attaches the service-policy
! to a wired interface(s)
interface range GigabitEthernet 1/0/1-48
 service-policy input MARKING-POLICY
! This section attaches the service-policy
! to a wireless interface(s) at the SSID level
wlan EMPLOYEE-WLAN
 service-policy input MARKING-POLICY
! This section attaches the service-policy
! to a wireless interface(s) at the client level
wlan EMPLOYEE-WLAN
 service-policy client input MARKING-POLICY

Inclusion of the client keyword applies the service-policy at the client level

Catalyst 3650/3850
Marking & Policing Policy Example: Part 1 of 2

All markdown and/or mapping operations are configured through table-maps

table-map TABLE-MAP
 map from 0 to 8
 map from 10 to 8
 map from 18 to 8

policy-map MARKING&POLICING
 class VVLAN-VOIP
  set dscp ef
  police 128k
   conform-action transmit
   exceed-action drop
 class VVLAN-SIGNALING
  set dscp cs3
  police 32k
   conform-action transmit
   exceed-action drop
 class MULTIMEDIA-CONFERENCING
  set dscp af41
  police 5m
   conform-action transmit
   exceed-action drop
 class SIGNALING
  set dscp cs3
  police 32k
   conform-action transmit
   exceed-action drop
 class TRANSACTIONAL-DATA
  set dscp af21
  police 10m
   conform-action transmit
   exceed-action TABLE-MAP
 class BULK-DATA
  set dscp af11
  police 10m
   conform-action transmit
   exceed-action TABLE-MAP
 class SCAVENGER
  set dscp cs1
  police 10m
   conform-action transmit
   exceed-action drop
 class class-default
  set dscp default
  police 10m
   conform-action transmit
   exceed-action TABLE-MAP

Policing to remark traffic is done by referencing the previously-configured table-map
Policers may be set to either remark or drop excess traffic

Catalyst 3650/3850
Marking & Policing Policy Example: Part 2 of 2

! This section attaches the service-policy to a wired interface(s)
interface range GigabitEthernet 1/0/1-48
 service-policy input MARKING&POLICING

! This section attaches the service-policy to a wireless interface(s) at the SSID level
! The policy will be applied to all clients belonging to the SSID at an aggregate level
wlan EMPLOYEE-WLAN
 service-policy input MARKING&POLICING

! This section attaches the service-policy to a wireless interface(s) at the client level
! The policy will be applied to individual clients at an aggregate level
wlan EMPLOYEE-WLAN
 service-policy client input MARKING&POLICING

Service policies applied to the SSID level are actually applied to the BSSID (that is, per SSID/AP pair)
The inclusion of the client keyword changes the application of the policer from the SSID-aggregate level to the client-aggregate level

Catalyst 3650/3850
Per-Port/Per-VLAN Policy

class-map VVLAN
 match vlan 110
class-map DVLAN
 match vlan 10
policy-map VLAN-POLICERS
 class VVLAN
  police 192k
   conform-action transmit exceed-action drop
 class DVLAN
  police 50m
   conform-action transmit exceed-action drop
interface GigabitEthernet 1/0/1
 service-policy input VLAN-POLICERS

Individual (trunked) VLANs are matched by the match vlan command
Policers are applied on a Per-VLAN basis
Per-VLAN policers are then applied on a Per-Port basis

Catalyst Hardware Queuing
2P6Q3T Example

[Figure: 2P6Q3T scheduling, with PQ1 and PQ2 each able to interrupt scheduling of the non-priority queues]

Catalyst 3650/3850
2P6Q3T with Weighted Tail Drop (WTD) Wired Port Egress Queuing Model

Application                DSCP
Network Control            (CS7)
Internetwork Control       CS6
VoIP                       EF
Broadcast Video            CS5
Multimedia Conferencing    AF4
Realtime Interactive       CS4
Multimedia Streaming       AF3
Signaling                  CS3
Transactional Data         AF2
Network Management         CS2
Bulk Data                  AF1
Scavenger                  CS1
Best Effort                DF

2P6Q3T queue mapping:
Queue                              DSCP
PQ Level 1 (10%)                   EF
PQ Level 2 (20%)                   CS5, CS4
Q6 (BWR 10%)                       CS7 & CS6, CS3 & CS2
Q5 (BWR 10% + WTD)                 AF4
Q4 (BWR 10% + DSCP-Based WTD)      AF3
Q3 (BWR 10% + DSCP-Based WTD)      AF2
Q2 (BWR 5% + DSCP-Based WTD)       AF1, CS1
Q1 (BWR 25%)                       DF

BWR = Bandwidth Remaining
WTD = Weighted Tail Drop

Catalyst 3650/3850
2P6Q3T+WTD Wired Port Egress Queuing Config: Part 1 of 2
class-map match-any VOICE-PQ1
match dscp ef
class-map match-any VIDEO-PQ2
match dscp cs4
match dscp cs5
class-map match-any CONTROL-MGMT-QUEUE
match dscp cs7 cs6 cs3 cs2
class-map match-any MULTIMEDIA-CONFERENCING-QUEUE
match dscp af41 af42 af43
class-map match-any MULTIMEDIA-STREAMING-QUEUE
match dscp af31 af32 af33
class-map match-any TRANSACTIONAL-DATA-QUEUE
match dscp af21 af22 af23
class-map match-any SCAVENGER-BULK-DATA-QUEUE
match dscp cs1 af11 af12 af13

Note: On platforms with shared buffer and TCAM architectures (2960/3560/3750/3650/3850/4500), show policy-map interface commands do not report per-port packets or byte-counters.
This is a limitation of shared hardware architectures.

Catalyst 3650/3850
2P6Q3T+WTD Wired Port Egress Queuing Config: Part 2 of 2

policy-map 2P6Q3T
 class VOICE-PQ1
  priority level 1
  police rate percent 10
 class VIDEO-PQ2
  priority level 2
  police rate percent 20
 class CONTROL-MGMT-QUEUE
  bandwidth remaining percent 10
  queue-buffers ratio 10
 class MULTIMEDIA-CONFERENCING-QUEUE
  bandwidth remaining percent 10
  queue-buffers ratio 10
  queue-limit dscp af43 percent 80
  queue-limit dscp af42 percent 90
  queue-limit dscp af41 percent 100
 class MULTIMEDIA-STREAMING-QUEUE
  bandwidth remaining percent 10
  queue-buffers ratio 10
  queue-limit dscp af33 percent 80
  queue-limit dscp af32 percent 90
  queue-limit dscp af31 percent 100
 class TRANSACTIONAL-DATA-QUEUE
  bandwidth remaining percent 10
  queue-buffers ratio 10
  queue-limit dscp af23 percent 80
  queue-limit dscp af22 percent 90
  queue-limit dscp af21 percent 100
 class SCAVENGER-BULK-DATA-QUEUE
  bandwidth remaining percent 5
  queue-buffers ratio 10
  queue-limit dscp values af13 cs1 percent 80
  queue-limit dscp values af12 percent 90
  queue-limit dscp values af11 percent 100
 class class-default
  bandwidth remaining percent 25
  queue-buffers ratio 25

interface range GigabitEthernet 1/0/1-48
 service-policy output 2P6Q3T

priority level 1 / priority level 2: Two-levels of priority queuing are supported
bandwidth remaining: If a PQ is enabled then non-PQs must use bandwidth remaining
queue-buffers ratio: Allocates buffers to non-PQs
queue-limit dscp: Tunes WTD to align to an AF PHB

Catalyst 3650/3850
Hierarchical QoS Policies: Queuing within Shaped Rate Example

policy-map 50MBPS-SHAPER
 class class-default
  shape average 50000000
  service-policy 2P6Q3T
interface GigabitEthernet 1/0/1
 service-policy output 50MBPS-SHAPER

Defines the sub-line rate (CIR)
Provides back-pressure to the system to engage the (previously-defined) queuing policy, so that packets are properly prioritized within the sub-line rate
Only the Hierarchical Shaping policy is attached to the interface(s)

Catalyst 3650/3850
EtherChannel QoS Design

Ingress QoS policies are configured on the logical Port-Channel interface
Typically these are simply to enable DSCP trust (which requires no explicit configuration)
Egress QoS policies are configured on the physical port-member interfaces

Platform        QoS Policies Applied to the         QoS Policies Applied to the
                (Logical) Port-Channel Interface    (Physical) Port-Member Interfaces
Catalyst 3850   Ingress                             Egress

Catalyst 3650/3850 QoS Design At-A-Glance

http://www.cisco.com/en/US/docs/solutions/Enterprise/Video/qoscampuscat3x50aag.html

Cisco Catalyst 4500 QoS Design

Catalyst 4500
QoS Roles in the Campus Distribution

Trust DSCP +
Egress Queuing

Core Switches

Access
Switches

Catalyst 4500
Distribution
Switches

Catalyst 4500
QoS Design Steps
1. Configure Ingress QoS Model(s):

DSCP-Trust Model*
Conditional Trust Model
Service Policy Models

2. Configure Egress Queuing

*Note: Catalyst 4500 uses IOS MQC, which trusts by default; therefore no explicit policy is required for DSCP trust

Catalyst 4500
Conditional Trust Example
class-map match-all VOICE
match cos 5
class-map match-all SIGNALING
match cos 3
policy-map CISCO-IPPHONE
class VOICE
set dscp ef
class SIGNALING
set dscp cs3
class class-default
set dscp default
interface GigabitEthernet 3/1
qos trust device cisco-phone
service-policy input CISCO-IPPHONE
Conditional trust command (trust device) must be
prefaced by qos on the Catalyst 4500

Catalyst 4500 supports both match-all (logical AND) and match-any (logical OR) operators

Catalyst 4500
Marking Policy Example
[class-maps omitted for brevity]
policy-map MARKING-POLICY
class VOIP
set dscp ef
class MULTIMEDIA-CONFERENCING
set dscp af41
class SIGNALING
set dscp cs3
class TRANSACTIONAL-DATA
set dscp af21
class BULK-DATA
set dscp af11
class SCAVENGER
set dscp cs1
class class-default
set dscp default
interface GigabitEthernet 3/1
service-policy input MARKING-POLICY

Catalyst 4500
Marking & Policing Policy Example
policy-map MARKING&POLICING
class VOIP
police 128k bc 8000
conform-action set-dscp-transmit ef
exceed-action drop
class SIGNALING
police 32k bc 8000
conform-action set-dscp-transmit cs3
exceed-action drop
class MULTIMEDIA-CONFERENCING
police 5m bc 8000
conform-action set-dscp-transmit af41
exceed-action set-dscp-transmit af42
class TRANSACTIONAL-DATA
police 10m bc 8000
conform-action set-dscp-transmit af21
exceed-action set-dscp-transmit af22

class BULK-DATA
police 10m bc 8000
conform-action set-dscp-transmit af11
exceed-action set-dscp-transmit af12
class SCAVENGER
police 10m bc 8000
conform-action set-dscp-transmit cs1
exceed-action drop
class class-default
police 10m bc 8000
conform-action set-dscp-transmit default
exceed-action set-dscp-transmit cs1
interface GigabitEthernet 3/1
service-policy input MARKING&POLICING
Marking/remarking is configured as part of the policing action
(i.e. no table-map or markdown-map is referenced)

Catalyst 4500
Per-Port/Per-VLAN QoS Policy Example

interface range GigabitEthernet 2/1-48
 qos trust device cisco-phone
 vlan 10
  service-policy input DVLAN-POLICERS
 vlan 110
  service-policy input VVLAN-POLICERS

Per-Port/Per-VLAN policies can be applied to a specific VLAN on a trunked interface via an interface-VLAN configuration mode

Catalyst 4500
1P7Q1T+Dynamic Buffer Limiting (DBL) Egress Queuing Model

Application                DSCP
Network Control            (CS7)
Internetwork Control       CS6
VoIP                       EF
Broadcast Video            CS5
Multimedia Conferencing    AF4
Realtime Interactive       CS4
Multimedia Streaming       AF3
Signaling                  CS3
Transactional Data         AF2
Network Management         CS2
Bulk Data                  AF1
Scavenger                  CS1
Best Effort                DF

1P7Q1T (+DBL) queue mapping:
Queue            DSCP
PQ               EF, CS5, CS4
Q7 (BWR 10%)     CS7 & CS6, CS3 & CS2
Q6 (BWR 10%)     AF4
Q5 (BWR 10%)     AF3
Q4 (BWR 10%)     AF2
Q3 (BWR 4%)      AF1
Q2 (BWR 1%)      CS1
Q1 (25%)         DF

BWR = Bandwidth Remaining

Catalyst 4500
1P7Q1T+DBL Egress Queuing Config
class-map match-all PRIORITY-QUEUE
 match dscp cs4 cs5 ef
class-map match-all CONTROL-MGMT-QUEUE
 match dscp cs7 cs6 cs3 cs2
class-map match-all MULTIMEDIA-CONFERENCING-QUEUE
 match dscp af41 af42 af43
class-map match-all MULTIMEDIA-STREAMING-QUEUE
 match dscp af31 af32 af33
class-map match-all TRANSACTIONAL-DATA-QUEUE
 match dscp af21 af22 af23
class-map match-all BULK-DATA-QUEUE
 match dscp af11 af12 af13
class-map match-all SCAVENGER-QUEUE
 match dscp cs1

policy-map 1P7Q1T
 class PRIORITY-QUEUE
  priority
 class CONTROL-MGMT-QUEUE
  bandwidth remaining percent 10
 class MULTIMEDIA-CONFERENCING-QUEUE
  bandwidth remaining percent 10
 class MULTIMEDIA-STREAMING-QUEUE
  bandwidth remaining percent 10
 class TRANSACTIONAL-DATA-QUEUE
  bandwidth remaining percent 10
  dbl
 class BULK-DATA-QUEUE
  bandwidth remaining percent 4
  dbl
 class SCAVENGER-QUEUE
  bandwidth remaining percent 1
 class class-default
  bandwidth remaining percent 25
  dbl

service-policy output 1P7Q1T

priority: Enables the PQ
If PQ is enabled then bandwidth remaining must be used
DBL can be enabled on a per-class basis, but should not be enabled on the PQ or Control traffic queues
Enabling DBL on UDP-based queues and/or Scavenger queue is optional
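The two rules stated with this config (no DBL on the PQ or Control queues; bandwidth remaining whenever a PQ is enabled) can be checked mechanically against a saved configuration. The following is an added example, not part of the original slides: the function names, the finding labels and the assumption that control queues carry "CONTROL" in their class name are hypothetical, and the drifted policy is constructed.

```python
import re

# Copied from the 1P7Q1T egress policy on this page.
PAGE_POLICY = """\
policy-map 1P7Q1T
class PRIORITY-QUEUE
priority
class CONTROL-MGMT-QUEUE
bandwidth remaining percent 10
class MULTIMEDIA-CONFERENCING-QUEUE
bandwidth remaining percent 10
class MULTIMEDIA-STREAMING-QUEUE
bandwidth remaining percent 10
class TRANSACTIONAL-DATA-QUEUE
bandwidth remaining percent 10
dbl
class BULK-DATA-QUEUE
bandwidth remaining percent 4
dbl
class SCAVENGER-QUEUE
bandwidth remaining percent 1
class class-default
bandwidth remaining percent 25
dbl
"""

# Constructed for this example: a drifted copy containing three mistakes.
DRIFTED_POLICY = """\
policy-map 1P7Q1T-DRIFTED
 class PRIORITY-QUEUE
  priority
  dbl
 class CONTROL-MGMT-QUEUE
  bandwidth percent 10
  dbl
 class class-default
  bandwidth remaining percent 25
  dbl
"""

POLICY_RE = re.compile(r"^policy-map(?:\s+type\s+\S+)?\s+(\S+)$")
CLASS_RE = re.compile(r"^class(?:\s+type\s+\S+)?\s+(\S+)$")
# Top-level commands that end a policy-map block in a flattened config dump.
END_RE = re.compile(r"^(class-map|interface|service-policy|table-map|wlan)\s")


def parse_policy_maps(text):
    """Return {policy: {class: [commands]}}; does not rely on indentation."""
    policies, policy, cmds = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        m = POLICY_RE.match(line)
        if m:
            policy, cmds = policies.setdefault(m.group(1), {}), None
        elif END_RE.match(line):
            policy = cmds = None
        elif policy is not None and CLASS_RE.match(line):
            cmds = policy.setdefault(CLASS_RE.match(line).group(1), [])
        elif cmds is not None:
            cmds.append(line)
    return policies


def is_priority(cmds):
    return any(re.match(r"priority\b", c) for c in cmds)


def lint_queuing(text, control_hint="CONTROL"):
    """Apply the page's two rules; control_hint is an assumed naming convention."""
    findings = []
    for pname, classes in parse_policy_maps(text).items():
        has_pq = any(is_priority(c) for c in classes.values())
        for cname, cmds in classes.items():
            pq = is_priority(cmds)
            if "dbl" in cmds and pq:
                findings.append((pname, cname, "dbl-on-priority-queue"))
            if "dbl" in cmds and control_hint in cname.upper():
                findings.append((pname, cname, "dbl-on-control-queue"))
            if has_pq and not pq and any(
                re.match(r"bandwidth\s+percent\b", c) for c in cmds
            ):
                findings.append((pname, cname, "bandwidth-percent-beside-pq"))
    return findings


if __name__ == "__main__":
    for sample in (PAGE_POLICY, DRIFTED_POLICY):
        print(lint_queuing(sample) or "no findings")
```

A policy with no priority class, such as the ingress policies later in this deck, may use plain bandwidth percent without being flagged.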

Catalyst 4500
EtherChannel QoS Design
Ingress QoS policies are configured on the logical Port-Channel interface
Typically these are simply to enable DSCP trust
(which requires no explicit configuration)
Egress QoS policies are configured on the physical port-member interfaces
Platform: Catalyst 4500
QoS Policies Applied to the (Logical) Port-Channel Interface: Ingress
QoS Policies Applied to the (Physical) Port-Member Interfaces: Egress

Catalyst 4500 Campus QoS Design At-A-Glance

http://www.cisco.com/en/US/docs/solutions/Enterprise/Video/qoscampuscat4500aag.html


Cisco Catalyst 6500 & 6800


QoS Design

Cisco Catalyst 6500/6800


QoS Roles in the Campus Core

Catalyst 6500/6800
Core Switches

Trust DSCP
+ Ingress Queuing
+ Egress Queuing

Cisco Catalyst 6500/6800


QoS Design Steps

1. Configure Ingress Queuing


2. Configure Egress Queuing

Catalyst 6500 IOS C3PL trusts by default; therefore no explicit policy is required for DSCP trust

Cisco Catalyst 6500/6800


8Q4T Ingress & 1P7Q4T Egress Queuing Models (6908-10GE)

Application-Class: DSCP
Network Control: (CS7)
Internetwork Control: CS6
VoIP: EF
Broadcast Video: CS5
Multimedia Conferencing: AF4
Realtime Interactive: CS4
Multimedia Streaming: AF3
Signaling: CS3
Transactional Data: AF2
Network Management: CS2
Bulk Data: AF1
Scavenger: CS1
Best Effort: DF

8Q4T/1P7Q4T queue: DSCP
Realtime-Queue (10% BW/Priority): EF, CS5, CS4
Control Queue (10% BW/BWR): CS7 & CS6, CS3 & CS2
Multimedia-Conferencing Queue (10% BW/BWR + DSCP-WRED): AF4
Multimedia-Streaming Queue (10% BW/BWR + DSCP-based WRED): AF3
Transactional Data (10% BW/BWR + DSCP-based WRED): AF2
Bulk Data (4% BW/BWR + DSCP-based WRED): AF1
Scavenger (1% BW/BWR): CS1
Default Queue (25% BW/BWR + WRED): DF

BWR = Bandwidth Remaining

Ingress and Egress queuing models vary by line card/module. Refer to the 6500/6800 QoS Configuration Guide to ensure that you use the proper queuing module for a given line card.

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/config_guide/sup2T/15_1_sy_swcg_2T/qos_policy_based_queueing.html

Cisco Catalyst 6500/6800


Part 1 of 3: Common Ingress & Egress Queuing Class-Maps
class-map type lan-queuing REALTIME-QUEUE
match dscp cs4 cs5 ef
class-map type lan-queuing CONTROL-QUEUE
match dscp cs2 cs3 cs6 cs7
class-map type lan-queuing MULTIMEDIA-CONFERENCING-QUEUE
match dscp af41 af42 af43
class-map type lan-queuing MULTIMEDIA-STREAMING-QUEUE
match dscp af31 af32 af33
class-map type lan-queuing TRANSACTIONAL-DATA-QUEUE
match dscp af21 af22 af23
class-map type lan-queuing BULK-DATA-QUEUE
match dscp af11 af12 af13
class-map type lan-queuing SCAVENGER-QUEUE
match dscp cs1

Unless specified otherwise, the default C3PL class-map and policy-map type is qos (classification, marking, policing)

Class-maps and policy-maps used for ingress and/or egress queuing policies must be explicitly configured as type lan-queuing

Note: A C3PL interface may support up to 4 QoS policies:
service-policy type qos input
service-policy type qos output
service-policy type lan-queuing input
service-policy type lan-queuing output

Cisco Catalyst 6500/6800


Part 2 of 3: 8Q4T Ingress Queuing Policy-Map
Policy-map must be defined as type lan-queuing
Bandwidth remaining is not required (as no PQ is enabled)
No PQ support on ingress
The random-detect dscp thresholds tune WRED to better align to the AF PHB

policy-map type lan-queuing INGRESS-8Q4T
 class REALTIME-QUEUE
  bandwidth percent 10
 class CONTROL-QUEUE
  bandwidth percent 10
 class MULTIMEDIA-CONFERENCING-QUEUE
  bandwidth percent 10
  random-detect dscp-based
  random-detect dscp af41 percent 80 100
  random-detect dscp af42 percent 70 100
  random-detect dscp af43 percent 60 100
 class MULTIMEDIA-STREAMING-QUEUE
  bandwidth percent 10
  random-detect dscp-based
  random-detect dscp af31 percent 80 100
  random-detect dscp af32 percent 70 100
  random-detect dscp af33 percent 60 100
 class TRANSACTIONAL-DATA-QUEUE
  bandwidth percent 10
  random-detect dscp-based
  random-detect dscp af21 percent 80 100
  random-detect dscp af22 percent 70 100
  random-detect dscp af23 percent 60 100
 class BULK-DATA-QUEUE
  bandwidth percent 4
  random-detect dscp-based
  random-detect dscp af11 percent 80 100
  random-detect dscp af12 percent 70 100
  random-detect dscp af13 percent 60 100
 class SCAVENGER-QUEUE
  bandwidth percent 1
 class class-default
  random-detect dscp-based
  random-detect dscp default percent 80 100

service-policy type lan-queuing input INGRESS-8Q4T

Cisco Catalyst 6500/6800

Part 3 of 3: 1P7Q4T Egress Queuing Policy-Map
Policy-map must be defined as type lan-queuing
priority: Enables egress PQ
bandwidth remaining is required (as PQ is enabled)
The random-detect dscp thresholds tune WRED to better align to the AF PHB

policy-map type lan-queuing EGRESS-1P7Q4T
 class REALTIME-QUEUE
  priority
 class CONTROL-QUEUE
  bandwidth remaining percent 10
 class MULTIMEDIA-CONFERENCING-QUEUE
  bandwidth remaining percent 10
  random-detect dscp-based
  random-detect dscp af41 percent 80 100
  random-detect dscp af42 percent 70 100
  random-detect dscp af43 percent 60 100
 class MULTIMEDIA-STREAMING-QUEUE
  bandwidth remaining percent 10
  random-detect dscp-based
  random-detect dscp af31 percent 80 100
  random-detect dscp af32 percent 70 100
  random-detect dscp af33 percent 60 100
 class TRANSACTIONAL-DATA-QUEUE
  bandwidth remaining percent 10
  random-detect dscp-based
  random-detect dscp af21 percent 80 100
  random-detect dscp af22 percent 70 100
  random-detect dscp af23 percent 60 100
 class BULK-DATA-QUEUE
  bandwidth remaining percent 4
  random-detect dscp-based
  random-detect dscp af11 percent 80 100
  random-detect dscp af12 percent 70 100
  random-detect dscp af13 percent 60 100
 class SCAVENGER-QUEUE
  bandwidth remaining percent 1
 class class-default
  random-detect dscp-based
  random-detect dscp default percent 80 100

service-policy type lan-queuing output EGRESS-1P7Q4T

Cisco Catalyst 6500/6800


EtherChannel QoS Design

Ingress QoS policies are configured on the logical Port-Channel interface

No ingress policies typically needed for C6500/6800 EtherChannels (as all ports trust DSCP & CoS by default)

Egress QoS policies are configured on the physical port-member interfaces

Platform: Catalyst 6500/6800
QoS Policies Applied to the (Logical) Port-Channel Interface: Ingress
QoS Policies Applied to the (Physical) Port-Member Interfaces: Egress

Cisco Catalyst 6500 QoS Design At-A-Glance

http://www.cisco.com/en/US/docs/solutions/Enterprise/Video/qoscampuscat6500sup2taag.html


Cisco Nexus 7000/7700


QoS Design

Cisco Nexus 7000/7700


QoS Roles in the Campus Core

Cisco Nexus 7000/7700


Campus Core Switches

Trust DSCP
+ Ingress Queuing
+ Egress Queuing

Cisco Nexus 7000/7700


QoS Design Steps

1. Configure Ingress Queuing


2. Configure Egress Queuing

NX-OS trusts by default; therefore no explicit policy is required for DSCP trust

Cisco Nexus 7700 (F3)


4Q1T Ingress Queuing (CoS-to-Queue) Model

Application: DSCP
Network Control: (CS7)
Internetwork Control: CS6
VoIP: EF
Broadcast Video: CS5
Multimedia Conferencing: AF4
Realtime Interactive: CS4
Multimedia Streaming: AF3
Signaling: CS3
Transactional Data: AF2
Network Management: CS2
Bulk Data: AF1
Scavenger: CS1
Best Effort: DF

4Q1T queue: CoS
8e-4q8q-in-q1 (Bandwidth 30%, Queue-Limit 10%): CoS 5
8e-4q8q-in-q-default (Bandwidth 25%, Queue-Limit 30%): CoS 0
8e-4q8q-in-q3 (Bandwidth 40%, Queue-Limit 30%): CoS 7, CoS 6, CoS 4, CoS 3, CoS 2
8e-4q8q-in-q4 (Bandwidth 5%, Queue-Limit 30%): CoS 1

Cisco Nexus 7700 (F3)


4Q1T Ingress Queuing (DSCP-to-Queue) Model

Application: DSCP
Network Control: (CS7)
Internetwork Control: CS6
VoIP: EF
Broadcast Video: CS5
Multimedia Conferencing: AF4
Realtime Interactive: CS4
Multimedia Streaming: AF3
Signaling: CS3
Transactional Data: AF2
Network Management: CS2
Bulk Data: AF1
Scavenger: CS1
Best Effort: DF

4Q1T queue: DSCP
8e-4q8q-in-q1 (Bandwidth 30%, Queue-Limit 10%): EF, CS5, CS4
8e-4q8q-in-q-default (Bandwidth 25%, Queue-Limit 30%): DF
8e-4q8q-in-q3 (Bandwidth 40%, Queue-Limit 30%): CS7, CS6, AF4, AF3, CS3, AF2, CS2
8e-4q8q-in-q4 (Bandwidth 5%, Queue-Limit 30%): AF1, CS1

Cisco Nexus 7700 (F3)

Similar to C3PL, NX-OS allows for multiple types of QoS policies:
type qos for classification, marking and policing
type queuing for ingress and egress queuing

Part 1 of 2: 4Q1T-Ingress Queuing Class-Maps

class-map type queuing match-any 8e-4q8q-in-q1
 match cos 5
 no match dscp 40-63
 match dscp 32, 40, 46
class-map type queuing match-any 8e-4q8q-in-q3
 match cos 2-4, 6-7
 match dscp 16, 18, 20, 22
 match dscp 24, 26, 28, 30
 match dscp 34, 36, 38
 match dscp 48, 56
class-map type queuing match-any 8e-4q8q-in-q4
 match cos 1
 match dscp 8, 10, 12, 14
class-map type queuing match-any 8e-4q8q-in-q-default
 match cos 0

NX-OS has (non-configurable) system-defined names for queuing class-maps
Undesired default DSCP-to-Ingress Queue mappings need to be explicitly removed

Cisco Nexus 7700 (F3)


Part 2 of 2: 4Q1T-Ingress Queuing Policy-Map
policy-map type queuing CAMPUS-F3-4Q1T-INGRESS
class type queuing 8e-4q8q-in-q1
bandwidth percent 30
queue-limit percent 10
class type queuing 8e-4q8q-in-q-default
bandwidth percent 25
queue-limit percent 30
class type queuing 8e-4q8q-in-q3
bandwidth percent 40
queue-limit percent 30
class type queuing 8e-4q8q-in-q4
bandwidth percent 5
queue-limit percent 30
interface Ethernet 1/1-24
service-policy type queuing input CAMPUS-F3-4Q1T-INGRESS

Used for Data Center Bridging Exchange (DCBX) to advertise QoS capabilities to any DCB-peers
Q2 is the Default Queue
Allocates buffers to queues

Cisco Nexus 7700 (F3)


1P7Q1T Egress Queuing (CoS-to-Queue) Model

Application: DSCP
Network Control: (CS7)
Internetwork Control: CS6
VoIP: EF
Broadcast Video: CS5
Multimedia Conferencing: AF4
Realtime Interactive: CS4
Multimedia Streaming: AF3
Signaling: CS3
Transactional Data: AF2
Network Management: CS2
Bulk Data: AF1
Scavenger: CS1
Best Effort: DF

1P7Q1T queue: CoS
8e-4q8q-out-q1 (PQ-Shaped to 30%): CoS 5
8e-4q8q-out-q2 (BWR 5%): CoS 7
8e-4q8q-out-q3 (BWR 5%): CoS 6
8e-4q8q-out-q4 (BWR 20%): CoS 4
8e-4q8q-out-q5 (BWR 20%): CoS 3
8e-4q8q-out-q6 (BWR 15%): CoS 2
8e-4q8q-out-q7 (BWR 10%): CoS 1
8e-4q8q-out-q-default (BWR 25%): CoS 0

Cisco Nexus 7700 (F3)


Part 1 of 2: 1P7Q1T Egress Queuing Class-Maps
class-map type queuing match-any 8e-4q8q-out-q1
 match cos 5
class-map type queuing match-any 8e-4q8q-out-q2
 match cos 7
class-map type queuing match-any 8e-4q8q-out-q3
 match cos 6
class-map type queuing match-any 8e-4q8q-out-q4
 match cos 4
class-map type queuing match-any 8e-4q8q-out-q5
 match cos 3
class-map type queuing match-any 8e-4q8q-out-q6
 match cos 2
class-map type queuing match-any 8e-4q8q-out-q7
 match cos 1

Note: These are the default CoS-to-Queue mappings. As such, this step is optional (unless current settings are non-default).

Cisco Nexus 7700 (F3)


Part 2 of 2: 1P7Q1T Egress Queuing Policy-Map
policy-map type queuing CAMPUS-F3-1P7Q1T-EGRESS
 class type queuing 8e-4q8q-out-q1
  priority level 1
  shape average percent 30
 class type queuing 8e-4q8q-out-q2
  bandwidth remaining percent 5
 class type queuing 8e-4q8q-out-q3
  bandwidth remaining percent 5
 class type queuing 8e-4q8q-out-q4
  bandwidth remaining percent 20
 class type queuing 8e-4q8q-out-q5
  bandwidth remaining percent 20
 class type queuing 8e-4q8q-out-q6
  bandwidth remaining percent 15
 class type queuing 8e-4q8q-out-q7
  bandwidth remaining percent 10
 class type queuing 8e-4q8q-out-q-default
  bandwidth remaining percent 25
interface Ethernet 1/1-24
 service-policy type queuing output CAMPUS-F3-1P7Q1T-EGRESS

Note: Queue-Limits are not supported in egress direction


Campus WLAN QoS Design


Considerations
and Best Practices

The Case for Wireless QoS

QoS is like a chain: it's only as strong as its weakest link

The WLAN is one of the weakest links in enterprise QoS designs for three primary reasons:
1) Typical downshift in speed
2) Shift from full-duplex to half-duplex media
3) Shift from a dedicated media to a shared media

WLAN QoS policies control both jitter and packet loss

Wireless QoS-Specific Limitations

No priority servicing

No bandwidth guarantees

Non-deterministic media access

Only 4 levels of service

LAN QoS

WLAN QoS

WLAN QoS Improvements Quantified

Application | Original Metric | Improved Metric | Percentage Improvement
Voice | 15 ms max jitter | 5 ms max jitter | 300%
Voice | 3.92 MOS (Cellular Quality) | 4.2 MOS (Toll Quality) |
Video | 9 fps | 14 fps | 55%
Video | Visual MOS: Good | Visual MOS: Excellent |
Transactional Data | 14 ms latency | 2 ms latency | 700%

http://www.cisco.com/en/US/prod/collateral/wireless/cisco_avc_application_improvement.pdf

Know Your Tools

IEEE 802.11e

User Priorities (UP)


Access Categories (AC)
Arbitration Inter-frame Spacing (AIFS)
Contention Windows (CW)
Enhanced Distributed Coordination Function (EDCF)

DSCP UP Mapping

Trust Boundaries

Policy-Enforcement Points

Application Visibility and Control (AVC)

IEEE 802.11e User Priority (UP)

3 Bit Field allows for UP values 0-7

IEEE 802.11e UP Values and Access Categories

802.11e UP Value | 802.11e Access Category | WMM Designation | Cisco AireOS WLC Designation
7, 6 | AC_VO | Voice | Platinum
5, 4 | AC_VI | Video | Gold
3, 0 | AC_BE | Best Effort | Silver
2, 1 | AC_BK | Background | Bronze

IEEE 802.11e Arbitration Inter-Frame Spacing (AIFS) and Contention Windows (CW)

Due to the nature of wireless as a shared media, a Congestion Avoidance algorithm (CSMA/CA) must be utilized
Wireless senders have to wait a fixed amount of time (the AIFS)
Wireless senders also have to wait a random amount of time (the Contention Window)
AIFS and Contention Window timers vary by Access Category

Access Category | AIFS (Slot Times) | CWmin (Slot Times) | CWmax (Slot Times)
Voice | | 3 | 7
Video | | | 15
Best Effort | | 15 | 1023
Background | | 15 | 1023

Upstream vs. Downstream QoS Mapping

[Figure: downstream and upstream paths between the WLC and the APs, over an 802.1Q trunk and CAPWAP tunnels, showing the QoS fields carried in each encapsulation: 802.1p and DSCP in the 802.1Q encapsulated packet, two DSCP fields in the CAPWAP encapsulated packet, and UP and DSCP in the 802.11e encapsulated packet.]

Default DSCP-to-UP Mapping Table

IETF PHB for VoIP: EF (46), per RFC 4594 & 3246

Columns: DSCP, 802.11e UP, WLC QoS Profile
DSCP ranges, in slide order: 56-63, 48-55, 40-47 (contains 46), 32-39, 24-31, 0-7, 16-23, 8-15
WLC QoS Profiles, in slide order: Platinum (Voice), Gold (Video), Silver (Best Effort), Bronze (Background)

Default IETF DSCP to IEEE 802.11e UP Mapping
Sub-Optimal QoS Design Example

[Figure: the 4-Class Enterprise Model based on IETF 4594 (Voice EF, Signaling CS3, Transactional Data AF2, Best Effort DF) mapped onto the Four-Class Wireless Model based on IEEE 802.11e (UP 7 through UP 0 across the Voice, Video, Best Effort and Background Access Categories).]


Cisco IOS XE WLC


AVC/QoS Design

Cisco IOS XE WLC


QoS Roles in the Wireless LAN

IOS XE WLCs can be deployed in either a Centralized or a Converged Access Deployment Model

In either model:
Trust Boundary is at the AP
PEP is at the AP

[Figure: Centralized Deployment Model (CT5760 WLC, CAPWAP Tunnel) and Converged Access Deployment Model (Catalyst 3650/3850 or 4500-Sup8, CAPWAP Tunnel), each marking the Trust Boundary and PEP.]

Cisco IOS XE WLC


AVC/QoS Design Steps
1. Enable Application Visibility
a) Create a Flow Record
b) (Optional) Create a Flow Exporter
c) Create a Flow Monitor
d) Apply the Flow Monitor to the WLAN
2. Configure an AVC Policy
3. Configure an AFD Policy
4. (Optional) Configure Custom DSCP/UP Table Maps

Cisco IOS XE WLC


Enabling Application Visibility
Step 1: Create a Flow Record
flow record AVC-FLOW-RECORD
description BASIC-AVC-FLOW-RECORD
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match flow direction
match application name
match wireless ssid
collect counter bytes long
collect counter packets long
collect wireless ap mac address
collect wireless client mac address

Step 2: (Optional) Create a Flow Exporter


flow exporter AVC-FLOW-EXPORTER
destination 10.10.10.10
transport udp 2055
destination 10.20.20.20
transport udp 9991

Note: Lancope collects Netflow on port 2055

Step 3: Create a Flow Monitor


flow monitor AVC-FLOW-MONITOR
record AVC-FLOW-RECORD
exporter AVC-FLOW-EXPORTER
Step 4: Apply the Flow Monitor to the WLAN
wlan EMPLOYEE-WLAN
ip flow monitor AVC-FLOW-MONITOR input
ip flow monitor AVC-FLOW-MONITOR output

Cisco IOS XE WLC


Configuring AVC-Based QoS Policies
class-map match-any VOICE
match protocol cisco-phone
class-map match-any BROADCAST-VIDEO
match protocol cisco-ip-camera
class-map match-any REAL-TIME-INTERACTIVE
match protocol telepresence-media
class-map match-any CALL-SIGNALING
match protocol skinny
match protocol telepresence-control
class-map match-any TRANSACTIONAL-DATA
match protocol citrix
match protocol sap
class-map match-any BULK-DATA
match protocol attribute category email
match protocol attribute category file-sharing
match protocol attribute sub-category backup-systems
class-map match-any SCAVENGER
match protocol attribute category gaming
match protocol attribute application-group skype-group

policy-map AVC-MARKING
class VOICE
set dscp ef
class BROADCAST-VIDEO
set dscp cs5
class REAL-TIME-INTERACTIVE
set dscp cs4
class CALL-SIGNALING
set dscp cs3
class TRANSACTIONAL-DATA
set dscp af21
class BULK-DATA
set dscp af11
class SCAVENGER
set dscp cs1
class class-default
set dscp default
Note: Multiple application protocols can be identified using attributes, including: category, sub-category, application-group

IOS XE Approximate Fair Drop (AFD)

[Figure: Wireless Port Egress Queuing. Labels: Client VQ, SSID VQ, Radio VQ, Min or Max BW Allocation, AFD Block, Policer, Voice Queue, Video Queue, Data Queue, Multicast Queue, Strict Priority, Weighted Scheduling, Default Shaper, Radio Agg.]

IOS XE WLC AFD


2P2Q+Approximate Fair Drop (AFD) Wireless Port Egress Queuing Model

Application Classes: DSCP
Voice: EF
Interactive Video: AF4
Network Control: CS6
Signaling: CS3
Bulk Data: AF1
Transactional Data: AF2
Scavenger: CS1
Best Effort: DF

2P2Q with AFD queue: DSCP
Q0, Priority Level 1 (Limited to 10% of BW): EF, CS6, CS3
Q1, Priority Level 2 (Limited to 20% of BW): AF4
Q2, Unicast Non-Realtime Queue (63% BWR): AF1, AF2, CS1, DF
Q3, Multicast Non-Realtime Queue (7% BWR)

IOS XE WLC AFD


2P2Q+AFD Wireless Port Egress Queuing Config
class-map match-any REALTIME-1
 match dscp ef
 match dscp cs6
 match dscp cs3
class-map match-any REALTIME-2
 match dscp af41
 match dscp af42
 match dscp af43

policy-map port_child_policy
 class non-client-nrt-class
  bandwidth remaining ratio 7
 class REALTIME-1
  priority level 1
  police rate percent 10 conform-action transmit exceed-action drop
 class REALTIME-2
  priority level 2
  police rate percent 20 conform-action transmit exceed-action drop
 class class-default
  bandwidth remaining ratio 63

port_child_policy: System-defined (but configurable) queuing policy
non-client-nrt-class: System defined queue for multicast wireless traffic
Two-levels of priority queuing are supported
class-default: Default unicast queue (non-priority queue)

Note: This policy is applied automatically to all wireless ports. Therefore, no explicit service-policy command is required to attach the policy to a wireless interface(s).

Cisco IOS XE WLC


Under-the-Hood DSCP/UP Mapping

Columns: DSCP, 802.11e UP, WMM Access Category
DSCP ranges, in slide order: 48-63, 40-47, 32-39, 24-31, 16-23, 0-7, 8-15
WMM Access Categories, in slide order: Voice, Video, Best Effort, Background

IOS XE WLC
Default DSCP-to-UP Mapping Example
[Figure: the 4-Class Enterprise Model based on IETF 4594 (Voice EF, Signaling CS3, Transactional Data AF2, Best Effort DF) mapped onto the Four-Class Wireless Model based on IEEE 802.11e (UP 7 through UP 0 across the Voice, Video, Best Effort and Background Access Categories).]

Cisco IOS XE WLC


Custom DSCP/UP Mapping Tables
Step 1: Configure (Downstream)
DSCP-to-UP Table Map
table-map DSCP-to-UP
map from 46 to 6
map from 24 to 4
map from 18 to 3
map from 0 to 1
default 1
Step 2: Configure (Upstream)
UP-to-DSCP Table Map
table-map UP-to-DSCP
map from 6 to 46
map from 4 to 24
map from 3 to 18
default 0

Step 3: Reference These Table-Maps Within Corresponding Policy-Maps


policy-map DSCP-TO-UP-POLICY
class class-default
set wlan user-priority dscp table DSCP-to-UP
policy-map UP-to-DSCP-POLICY
class class-default
set dscp wlan user-priority table UP-to-DSCP

Step 4: Apply the Policy-Maps to the WLANs and Specify Direction


wlan EMPLOYEE-WLAN
service-policy input UP-to-DSCP-POLICY
service-policy output DSCP-TO-UP-POLICY
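To see what these two table-maps change, the following added example (not part of the original slides) parses them as configured above and compares the resulting access category with the default mapping. It assumes the default table copies the three high-order DSCP bits into the UP; the function names are hypothetical.

```python
import re

# Table-maps as configured on this page (downstream and upstream).
DSCP_TO_UP = """\
table-map DSCP-to-UP
 map from 46 to 6
 map from 24 to 4
 map from 18 to 3
 map from 0 to 1
 default 1
"""
UP_TO_DSCP = """\
table-map UP-to-DSCP
 map from 6 to 46
 map from 4 to 24
 map from 3 to 18
 default 0
"""

# IEEE 802.11e UP value -> access category.
ACCESS_CATEGORY = {7: "Voice", 6: "Voice", 5: "Video", 4: "Video",
                   3: "Best Effort", 0: "Best Effort",
                   2: "Background", 1: "Background"}


def parse_table_map(text):
    """Return (explicit mappings, numeric default) for one table-map."""
    mapping, default = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"map from (\d+) to (\d+)", line)
        if m:
            mapping[int(m.group(1))] = int(m.group(2))
        m = re.fullmatch(r"default (\d+)", line)
        if m:
            default = int(m.group(1))
    return mapping, default


def translate(table, value):
    """Look a value up in a parsed table-map, falling back to its default."""
    mapping, default = table
    return mapping.get(value, default)


def default_up(dscp):
    # Assumption: the default table copies the three high-order DSCP bits.
    return dscp >> 3


def compare(dscp):
    """Return (default AC, custom AC, DSCP the upstream table gives that UP)."""
    down = parse_table_map(DSCP_TO_UP)
    up = parse_table_map(UP_TO_DSCP)
    custom_up = translate(down, dscp)
    return (ACCESS_CATEGORY[default_up(dscp)],
            ACCESS_CATEGORY[custom_up],
            translate(up, custom_up))


if __name__ == "__main__":
    for name, dscp in [("EF", 46), ("CS3", 24), ("AF21", 18), ("AF41", 34)]:
        print(name, dscp, compare(dscp))
```

Any DSCP value without an explicit map entry, such as AF41 (34) here, takes the table's default in both directions, so every marking in use needs its own entry in both table-maps.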

IOS XE WLC
Customized DSCP-to-UP Mapping Example
[Figure: the 4-Class Enterprise Model based on IETF 4594 (Voice EF, Signaling CS3, Transactional Data AF2, Best Effort DF) mapped onto the Four-Class Wireless Model based on IEEE 802.11e (UP 7 through UP 0 across the Voice, Video, Best Effort and Background Access Categories).]


Cisco AireOS WLC


AVC/QoS Design

Cisco AireOS WLC


QoS Roles in the Wireless LAN

AireOS WLCs are deployed in a Centralized Deployment Model, where:
Trust Boundary is at the WLC
PEP is at the WLC

[Figure: Centralized Deployment Model with a CAPWAP Tunnel to the AireOS WLC, which is marked as both Trust Boundary and PEP.]

Cisco AireOS WLC


QoS Design Steps
1. Select and Tune the WLAN QoS Profile
2. Configure an AVC Profile
3. Apply the QoS and AVC Profile to the WLAN and Enable Application Visibility

AireOS WLC
Tuning QoS Profiles

QoS Profiles are applied to both upstream & downstream flows on egress

The WLAN QoS Profile defines:
WLAN Maximum Priority: it is recommended to set the Maximum Priority to voice on multiservice WLANs
Unicast and Multicast Default Priority: typically these values are recommended to be set to best effort

QoS Profiles override/control AVC Profiles

AireOS WLC
Creating AVC Profiles

AVC Profiles are applied to both upstream and downstream flows on WLC ingress

An AVC Profile can contain a maximum of 32 application rules

AVC profiles can be overridden by QoS Profiles

So be sure to align these!

AireOS WLC
Attaching QoS and AVC Profiles and Enabling AVC

Select the desired QoS and AVC Profiles to apply to the WLAN

Check the box to enable Application Visibility

Cisco AireOS WLC


QoS Translation Table

Columns: Application Class, DSCP/PHB, 802.11e UP, WLC QoS Profile

Application Class: DSCP/PHB
Internetwork Control: 48 / CS6
Voice: 46 / EF
Multimedia Conferencing: 34 / AF41
Multimedia Streaming: 26 / AF31
Transactional Data: 18 / AF21
Best Effort: 0 / DF
Bulk Data: 10 / AF11

WLC QoS Profiles, in slide order: Platinum (Voice), Gold (Video), Silver (Best Effort), Bronze (Background)

http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-1/configuration-guide/b_cg81/b_cg81_chapter_01010111.html

Cisco AireOS WLC


Default DSCP-to-UP Mapping Example
[Figure: the 4-Class Enterprise Model based on IETF 4594 (Voice EF, Signaling CS3, Transactional Data AF2, Best Effort DF) mapped onto the Four-Class Wireless Model based on IEEE 802.11e (UP 7 through UP 0 across the Voice, Video, Best Effort and Background Access Categories).]

Cisco AireOS WLC


Customized DSCP-to-UP Mapping Example (Pending AireOS 8.1MR)
[Figure: the 4-Class Enterprise Model based on IETF 4594 (Voice EF, Signaling CS3, Transactional Data AF2, Best Effort DF) mapped onto the Four-Class Wireless Model based on IEEE 802.11e (UP 7 through UP 0 across the Voice, Video, Best Effort and Background Access Categories).]

Cisco AireOS WLC


QoS Roles in the Wireless LAN (Pending AireOS 8.1MR)

Customizable DSCP/UP Mappings will modify QoS Roles:
Trust Boundary will move to the AP
PEP will remain at the WLC

[Figure: Centralized Deployment Model with a CAPWAP Tunnel to the AireOS WLC, marking the Trust Boundary and PEP.]


Looking Forward

APIC-EM QoS Apps: IWAN and EasyQoS

QoS design best practices will be used to generate platform-specific configurations
QoS features will be selectively enabled if they directly contribute to expressing the strategic policy on a given platform

[Figure: APIC-EM with the EasyQoS App and IWAN App driving each platform. Labels: Wireless AP (Trust Boundary, PEP, 4Q (WMM)); WLC (PEP); Catalyst 2960-X (Trust Boundary, PEP, 1P3Q3T); Catalyst 3650 (Trust Boundary, PEP, 2P6Q3T); Catalyst 4500 (1P7Q1T); Catalyst 6500 (1P3Q4T, 1P7Q4T, 2P6Q4T); Nexus 7700 (F3: 1P7Q1T); ASR/ISRs (MQC).]

Summary & References

Key Takeaways

Start by defining your QoS Strategy

Campus QoS is needed primarily to control packet drops

WLAN QoS is needed to control both jitter and packet drops

Know your QoS toolset, as this varies platform-to-platform

Cisco provides many At-A-Glance guides to get you up and running quickly

Cisco also provides Cisco Validated Design guides for more detail

Campus QoS Design 4.0: In-Depth
Comprehensive Design Chapters

Enterprise Quality of Service Design 4.0
http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSIntro_40.html

Campus QoS Design 4.0
http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSCampus_40.html

WLAN QoS Design (BYOD CVD)
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/BYOD_Design_Guide/BYOD_AVC.html

Recommended Reading

Release Date: Jan 2014

Comprehensive QoS design guidance for PINs and platforms:
Campus: Catalyst 3750/4500/6500
WLAN: WLC 5508 / Catalyst 3850 NGWC
Data Center: Nexus 1000V/2000/5500/7000
WAN & Branch: Cisco ASR 1000 / ISR G2
MPLS VPN: Cisco ASR 9000 / CRS-3
IPSec VPNs: Cisco ISR G2

ISBN: 1-58714-369-0
Ken Briley

http://www.ciscopress.com/store/end-to-end-qos-network-design-quality-of-service-for-9781587143694
